﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

namespace MVC_Project.UI
{
    public class PSSAuthorizeAttribute:AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            
            //页面地址
            string pageUrl = filterContext.HttpContext.Request.Url.AbsolutePath;

            string pathUrl = filterContext.HttpContext.Request.Url.PathAndQuery;


            var areaName = (filterContext.RouteData.DataTokens["area"] == null ? "" 
                : filterContext.RouteData.DataTokens["area"]).ToString().ToLower();

            //控制器名称
            string ControllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            //动作方法名称
            string ActionName = filterContext.ActionDescriptor.ActionName;
            // 是否是Ajax请求
            var bAjax = filterContext.HttpContext.Request.IsAjaxRequest();
            //是否子操作方法
            bool IsChildAction = filterContext.IsChildAction;
            // 允许匿名访问 用于标记(AllowAnonymous)在授权期间要跳过 AuthorizeAttribute 的控制器和操作的特性 
            var actionAnonymous = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true) as IEnumerable<AllowAnonymousAttribute>;
            var controllerAnonymous = filterContext.Controller.GetType().GetCustomAttributes(typeof(AllowAnonymousAttribute), true) as IEnumerable<AllowAnonymousAttribute>;
            if ((actionAnonymous != null && actionAnonymous.Any()) || (controllerAnonymous != null && controllerAnonymous.Any()))
            {
                return;
            }

            var Session = filterContext.HttpContext.Session;
            //验证登录
            if (Session["uid"] == null)
            {
                //设置
                filterContext.HttpContext.Response.StatusCode = 401;
                ContentResult content = new ContentResult();
                if (bAjax)
                {
                    content.Content = "未登录或者登录状态已丢失!";
                }
                else
                {
                    content.Content = "<script>top.location.href = '/Sign/Login?Redirect="+ pathUrl + "';</script>";
                }
                filterContext.Result = content;
            }
            else
            {
                // 判断登录状态 Controller  Action 标签 某些功能只需判断是否登录 用户没登录 调到登录页面  
                // 判断Controller上是否有CheckLoginAttribute标签 只需要登录就可以访问
                var checkLoginControllerAttr = filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(CheckLoginAttribute), true) as IEnumerable<CheckLoginAttribute>;
                if (checkLoginControllerAttr != null && checkLoginControllerAttr.Any())
                {
                    return;
                }
                // 判断action上是否有CheckLoginAttribute标签 只需要登录就可以访问
                var checkLoginActionAttr = filterContext.ActionDescriptor.GetCustomAttributes(typeof(CheckLoginAttribute), true) as IEnumerable<CheckLoginAttribute>;
                if (checkLoginActionAttr != null && checkLoginActionAttr.Any())
                {
                    return;
                }



                //拿到当前用户的权限数据
                //List<Authority> auths = Session["auths"] as List<Authority>;
                ////验证用户是否拥有权限
                //if (!(auths.Where(a=>a.Menus.controllerName.Equals(ControllerName)).Any() 
                //    && (auths.Where(a => a.Menus.actionName.Equals(ActionName)).Any() || IsChildAction)
                //    ))
                //{
                //    if (bAjax)
                //    {
                       
                //    }
                //    else
                //    {
                //        filterContext.HttpContext.Response.StatusCode = 403;
                //        filterContext.Result = new RedirectResult("/403.html");
                //    }
                //}
                
            }

            //base.OnAuthorization(filterContext);
        }
    }
}